Syspeace and the GDPR
The GDPR (General Data Protection Regulation) is now in effect in the European Union (and will continue to be in effect in the United Kingdom after it leaves the EU). This law regulates the freedom of individuals to control how their personal data is used. According to the European Commission resource site on the GDPR, personal data is “any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.” Although companies are not protected by the law, the personal information of people working in a company is.
Syspeace accounts and personal data
Everything marked with @ is personal data either directly or by inference, assuming the Syspeace account is owned by an individual and not by a company or other legal person.
Every Syspeace user needs to register a Syspeace account, and give these details:
- A company name or a person name. @
- An email address. This is used to send the account license key and for future communications. @
- A password.
This information is used to implement the Syspeace license model. We do not sell or share this information with any third party.
When Syspeace has been set up, it sends the following information to the Syspeace license server when validating its license:
- The account license key. @
- The name and the IP addresses of the server running Syspeace. @
- The version of the Syspeace software.
- The size of the local database.
- The version of Windows.
This information is used to implement the Syspeace license model (which requires being able to tell servers apart) and facilitate troubleshooting and support. We do not sell or share this information with any third party. Aggregate information is also used internally to aid future development decisions.
In addition, when a block is registered, the following information is sent:
- The blocked IP address.
- The name of the server running Syspeace. @
- A traceroute to the affected IP address. @
This information is used to provide the source material for the Global Blacklist. We do not sell or share this information with any third party. The resulting Global Blacklist is constructed by aggregating information and does not contain the personal data of any customer. This Global Blacklist is redistributed to every participating Syspeace user.
Use of Syspeace is conditioned on accepting the Syspeace EULA (End-User License Agreement), which gives consent for the collection of this information.
GDPR rights and mechanisms
First: GDPR defines personal data as applying to living individuals. Therefore, the following does not apply to Syspeace accounts associated with companies rather than individuals. A Syspeace account used by a company but where the account’s name is a person name rather than a company name is of course free to request that the company name is used instead.
The GDPR allows for the rights to know about the personal data on file, to correct or update this data, to remove this data (sometimes referred to as “the right to be forgotten”) and to export this data.
You can ask us to provide the name and email address currently on record, or ask us to edit the name and email address. When changing the email address, for security reasons we require an email agreeing to the change to be sent from the current email address. (These changes are available to any Syspeace account.)
You can also ask us to remove the personal data we have on file. In our case, this requires shutting down the Syspeace account, since after removing, pseudonymizing or blanking out everything potentially considered personal data, we would not be able to maintain the Syspeace license model.
To receive a copy of the personal data on file for a Syspeace account, please contact us with an email from that Syspeace account’s email address.
Emails and purchases
From time to time, we may send emails to the Syspeace account email address. These emails can be opted out of by clicking the Unsubscribe link in any such email, or by logging into the Syspeace Licenses site and clicking “Mailing preferences”. (You can also choose to only receive some types of email.)
In addition, during license purchases, we collect address and contact information that we are legally required to collect for auditing reasons; we are also legally required to send the receipt email detailing the purchase. The address and contact information may be shared in whole or in part with our payment processors Stripe or PayPal as may be required to facilitate payment. When making a Bitcoin purchase, no personal information collected during the purchase process is published to the Bitcoin blockchain.